We are an all-Mac/Linux environment, use CrowdStrike Falcon for EDR, and just recently added Zscaler to our Macs. It appears that the Zscaler agent MAY be snagging network traffic on the Mac before CrowdStrike can inspect it and thus lowering our security posture on our endpoints. The reasoning is that when we look at network event data for a given host within CrowdStrike, we no longer see the connection data (URL, IP, associated processes, etc.). All we see, relative to HTTP/HTTPS, is traffic to the Zscaler cloud associated with the Zscaler process. It is worth noting that while Zscaler logs show the destinations, they do not show which processes are associated, which we need for investigations.
I have a ticket submitted with both Zscaler and CrowdStrike. CrowdStrike reviewed it and stated that it very much looks like this is happening, but to work with Zscaler to confirm. Waiting on info from Zscaler, but curious if anyone else in the community here is experiencing the same thing.